Description of problem: I get the following avc during boot (shows up in dmesg): [ 47.478675] type=1400 audit(1299761552.099:5): avc: denied { connectto } for pid=1069 comm="systemd-tty-ask" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket It doesn't seem to block unlocking encrypted devices (though I am seeing random failures there still) as I see it both when unlocking succeeds and when it fails. Version-Release number of selected component (if applicable): systemd-20-1.fc15.i686 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
type=AVC msg=audit(03/10/2011 07:52:32.099:5) : avc: denied { connectto } for pid=1069 comm=systemd-tty-ask path=/org/freedesktop/plymouthd scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket Should we just allow this in SELinux?
Yes, please. This is systemd trying to get a password from plymouth to use to decrypt a device.
Fixed in selinux-policy-3.9.16-4.fc15
selinux-policy-3.9.16-5.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-5.fc15
selinux-policy-3.9.16-5.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.